In association with heise online

27 July 2009, 08:51

SHA-3: second round in the cryptographers' Olympiad

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The competition run by the US National Institute of Standards and Technology (NIST) to find the next generation of cryptographic hash functions has gone into its second round. Fourteen algorithms are still vying to be crowned in 2012 as the next standard for cryptographic hash functions, SHA-3 (Secure Hash Algorithm).

Hash functions are among the main pillars supporting the security of electronic communications. From a message of arbitrary length, a hash function calculates a fixed-length hash value that gives no clues to the original message. A good cryptographic hash function is distinguished by the fact that it's practically impossible to reconstruct the message that gave rise to a given hash value.

There are many and various possible applications for hash functions. For example, a hash value can be used to check if a file is genuine, it's not for nothing that Microsoft recently published SHA-1 hashes of the final Windows 7 image. Web servers can use hash functions to check passwords without storing them in plain text; a hash value, from which the original password can't be reconstructed, can be stored in a database.

In a sense, unfortunately, hash functions suffer from ageing, for researchers are constantly seeking ways to crack them and computers keep getting faster, so older hashes can now be cracked using raw computing power. As a result, the popular MD5 hash algorithm is no longer considered secure, and real attacks are now being made where it is still being used. New research results are gradually enabling practical attacks On SHA-1 as well. If push comes to shove, we do still have SHA-2 up our sleeves but, cryptographic hash functions being such very tricky creatures, the NIST started the competition to find the next generation in 2008. According to the present schedule, it will continue until 2012. Now, the competing cryptographers are trying to crack each others' algorithms. One will finally be named SHA-3 and will make everything totally secure again – until further notice.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit